Privacy policy
Last updated: Aug 2025
Privacy Policy
Last updated: August 2025
This Privacy Policy describes how SMS PoP ("we", "us", or "our") collects, uses, discloses, and protects your personal data when you use the SMS Pop platform ("Service") in Zimbabwe. By using our Service, you agree to the collection and use of information in accordance with this policy and the Zimbabwe Data Protection Act [Chapter 11:12].
1 Information We Collect
1.1 Personal Information You Provide
- Account Information: Full name, email address, phone number, and password when you register
- Billing history: transaction history on billing process.
- system interactions: Information you provide when you create or manage your account, such as contacts and campaigns
- Communications: Records of your interactions with our support team and feedback submissions
1.2 Information Collected Automatically
- Usage Data: Login history, message logs, platform interactions
2 How We Use Information
2.1 Service Provision
- To create and manage your account and provide the SMS services
- To authenticate users and prevent unauthorized access
- To process transactions and send billing notifications
- To deliver SMS messages and provide delivery reports
2.2 Communication
- To respond to your inquiries and provide customer support
- To send important notices about service changes, terms updates, or policy changes
- To inform you about new features, products, or promotional offers (with opt-out option)
2.3 Business Operations
- To monitor and analyze usage trends to improve our services
- To conduct research and development for new products and features
- To prevent fraud, abuse, and security incidents
- To comply with legal obligations under Zimbabwean law
Legal Basis for Processing: We process your data based on (1) your consent, (2) performance of a contract with you, (3) compliance with legal obligations in Zimbabwe, or (4) legitimate business interests that don't override your rights.
3 Data Sharing and Disclosure
3.1 Service Providers
We share information with third-party vendors who provide services on our behalf:
- SMS Gateway Providers: To route and deliver your messages (only necessary message content and recipient numbers)
- Payment Processors: To handle financial transactions securely
- Cloud Hosting Providers: For data storage and infrastructure
- Analytics Providers: To understand service usage patterns (aggregated data only)
3.2 Legal Requirements
We may disclose your information when required by Zimbabwean law or legal process:
- To comply with court orders, subpoenas, or other legal requests
- To assist law enforcement in investigations as required by law
- To protect against legal liability or defend our rights
- To comply with telecommunications regulations from POTRAZ
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, with appropriate confidentiality protections.
Data Protection Commitment: We never sell your personal data. All third parties must agree to confidentiality obligations and may only process data for specified purposes in compliance with Zimbabwe's Data Protection Act.
4 Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by Zimbabwean law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | 5 years after account closure | Legal and financial record-keeping requirements |
| Transaction Records | 7 years | Zimbabwe Revenue Authority tax compliance |
| SMS Message Content | 30 days after delivery | Operational requirements (unless longer retention required by law) |
| Customer Support Interactions | 3 years | Service quality and dispute resolution |
After the retention period expires, we securely delete or anonymize your data. Some metadata may be retained longer for analytical purposes in aggregated form.
5 Security Measures
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, in compliance with Zimbabwe's Data Protection Act requirements for data security.
Technical Protections
- Encryption: End-to-end encryption for data in transit (TLS 1.2+) and at rest (AES-256)
- Network Security: Firewalls, intrusion detection/prevention systems, and DDoS protection
- Access Controls: role-based access, and least privilege principles
- Vulnerability Management: Regular security patching and penetration testing
- Data Minimization: Collection of only necessary data and pseudonymization where possible
Organizational Protections
- Data Protection Officer: Appointed to oversee compliance with data protection laws
- Staff Training: Regular training on data protection and privacy best practices
- Policies & Procedures: Comprehensive data protection policies and incident response plans
- Vendor Assessments: Due diligence on third-party processors and contractual safeguards
- Audit Trails: Logging and monitoring of access to sensitive data
Data Breach Notification: In the unlikely event of a data breach affecting your personal data, we will notify you and the relevant Zimbabwean authorities as required by law, typically within 72 hours of becoming aware of the breach.
6 Your Rights Under Zimbabwe's Data Protection Act
As a data subject under Zimbabwe's Data Protection Act [Chapter 11:12], you have the following rights regarding your personal data:
Access and Portability
Request a copy of your personal data in a structured, commonly used format.
Rectification
Correct inaccurate or incomplete personal data we hold about you.
Erasure
Request deletion of your personal data under certain circumstances.
Restriction
Limit how we use your data while disputes are resolved.
Objection
Object to certain processing activities like direct marketing.
Withdraw Consent
Withdraw previously given consent at any time.
To exercise any of these rights, please contact our Data Protection Officer using the contact details below. We may need to verify your identity before processing your request. There is no fee for making these requests, unless they are manifestly unfounded or excessive.
7 International Data Transfers
As a Zimbabwe-based company, we primarily store and process data within Zimbabwe. However, some of our service providers may process data in other countries.
When we transfer personal data outside Zimbabwe, we ensure appropriate safeguards are in place as required by the Data Protection Act, such as:
- Processing only in countries with adequate data protection laws
- Implementing Standard Contractual Clauses approved by the Zimbabwean Data Protection Authority
- Requiring vendors to comply with binding corporate rules or other approved mechanisms
8 Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our platform:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Necessary for platform functionality (login, security) | Session |
You can control cookies through your browser settings. However, disabling essential cookies may affect platform functionality. Our cookie banner allows you to manage non-essential cookies when you first visit our site.
9 Children's Privacy
Our service is not directed to individuals under 18. We do not knowingly collect personal data from children without parental consent. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to remove that information in accordance with Zimbabwean law.
10 Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, and other factors.
When we make material changes, we will notify you through the Service or by other means (such as email or SMS) at least 3 days before the changes take effect, giving you time to review the changes before they become effective. The "Last updated" date at the top of this policy indicates when it was last revised.
11 Complaints
If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue.
You also have the right to lodge a complaint with the Zimbabwe Data Protection Authority if you believe your rights under the Data Protection Act have been violated.
Contact Information
Data Protection Officer
support@smspop.co.zw
General Privacy Inquiries
support@smspop.co.zw
Phone
+263 714239734 (Mon-Fri, 8am-5pm CAT)
Postal Address
Attention: Data Protection Officer
SMS Pop
88 Rezende Street
Harare, Zimbabwe